WP Review Slider Pro <= 12.6.8 Authenticated SQL Injection via 'stypes' Parameter (CVE-2026-8443)

Vulnerability Overview Vulnerability Name: WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) SQL Injection via 'stypes' Parameter CVE ID: CVE-2026-8443 CVSS Score: 8.8 (High) Publication Date: June 15, 2026 Last Updated: June 16, 2026 Researcher: h0xlo Affected Software Software Type: Plugin Software Name: WP Review Slider Pro Affected Versions: <= 12.6.8 Fixed Version: 12.7.0 Remediation Fix Status: Fixed Fixed Version: 12.7.0 Fix Description: Update to version 12.7.0 or later. Vulnerability Description The WP Review Slider Pro plugin contains an SQL injection vulnerability in the and parameters. This vulnerability exists in the AJAX action and affects versions 12.6.8 and below. The vulnerability arises because user-provided JSON strings are decoded using and then directly concatenated into the SQL WHERE clause. This allows attackers to append additional SQL queries and extract sensitive information from the database while authenticated (with Subscriber privileges or higher). References wpreviewslider.com Additional Information Wordfence Intelligence: Offers individual and commercial API access, containing all the same vulnerability data. Webhook Integration: Webhooks can be configured to receive the latest vulnerability information. Related Vulnerabilities WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) Arbitrary File Deletion via 'injection' Parameter - CVE ID: CVE-2026-8442 - CVSS Score: 8.1 - Publication Date: June 15, 2026 WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) SQL Injection via 'custsetypes' Parameter - CVE ID: CVE-2026-8444 - CVSS Score: 8.8 - Publication Date: June 15, 2026 Copyright Information Copyright: © 2012-2026 Defiant Inc. All Rights Reserved MITRE Corporation: Provides CVE data Contact Technical Support: 9am-8pm ET, 6am-5pm PT, and 2pm-1am UTC/GMT (excluding weekends and holidays) Response Time: 24/7 support, 365 days a year, with a 1-hour response time Other Links Terms of Service: Link Privacy Policy and Notice at Collection: Link Do Not Sell or Share My Personal Information: Link Social Media Twitter: Link Facebook: Link LinkedIn: Link Instagram: Link Subscribe Subscription Link: Link Disclaimer Disclaimer: Link Additional Information Wordfence Free: Link Wordfence Premium: Link Wordfence Care: Link Wordfence Response: Link Wordfence CLI: Link Wordfence Intelligence: Link Wordfence Central: Link Support Documentation: Link Learning Center: Link Free Support: Link Premium Support: Link News Blog: Link In The News: Link Vulnerability Advisories: Link About About Wordfence: Link Affiliate Program: Link Employment: Link Contact: Link Security: Link CVE Request Form: Link Subscribe to Updates Subscription Link: Link Disclaimer Disclaimer: Link Additional Information Wordfence Free: Link Wordfence Premium: Link Wordfence Care: Link Wordfence Response: Link Wordfence CLI: Link Wordfence Intelligence: Link Wordfence Central: Link Support Documentation: Link Learning Center: Link Free Support: Link Premium Support: Link News Blog: Link In The News: Link Vulnerability Advisories: Link About About Wordfence: Link Affiliate Program: Link Employment: Link Contact: Link Security: Link CVE Request Form: Link Subscribe to Updates Subscription Link: Link Disclaimer Disclaimer: Link Additional Information Wordfence Free: Link Wordfence Premium: Link Wordfence Care: Link Wordfence Response: Link Wordfence CLI: Link Wordfence Intelligence: Link Wordfence Central: Link Support Documentation: Link Learning Center: Link Free Support: Link Premium Support: Link News Blog: Link In The News: Link Vulnerability Advisories: Link About About Wordfence: Link Affiliate Program: Link Employment: Link Contact: Link Security: Link CVE Request Form: Link Subscribe to Updates Subscription Link: Link Disclaimer Disclaimer: Link Additional Information Wordfence Free: Link Wordfence Premium: Link Wordfence Care: Link Wordfence Response: Link Wordfence CLI: Link Wordfence Intelligence: Link Wordfence Central: Link Support Documentation: Link Learning Center: Link Free Support: Link Premium Support: Link News Blog: Link In The News: Link Vulnerability Advisories: Link About About Wordfence: Link Affiliate Program: Link Employment: Link Contact: Link Security: Link CVE Request Form: Link Subscribe to Updates Subscription Link: Link Disclaimer Disclaimer: Link Additional Information Wordfence Free: Link Wordfence Premium: Link Wordfence Care: Link Wordfence Response: Link Wordfence CLI: Link Wordfence Intelligence: Link Wordfence Central: Link Support Documentation: Link Learning Center: Link Free Support: Link Premium Support: Link News Blog: Link In The News: Link Vulnerability Advisories: Link About About Wordfence: Link Affiliate Program: Link Employment: Link Contact: Link Security: Link CVE Request Form: Link Subscribe to Updates Subscription Link: Link Disclaimer Disclaimer: Link Additional Information Wordfence Free: Link Wordfence Premium: Link Wordfence Care: Link Wordfence

Goal Reached Thanks to every supporter — we hit 100%!

WP Review Slider Pro <= 12.6.8 Authenticated SQL Injection via 'stypes' Parameter (CVE-2026-8443)